Wireshark-users: Re: [Wireshark-users] invalid request
From: mustafa <mustafarajimusa@xxxxxxxxx>
Date: Wed, 14 Mar 2012 09:20:24 +0300
On 3/14/2012 4:05 AM, Guy Harris wrote:
Thank you for your reply. Wireshark shows the packet as this, and the problem is that Wireshark considers this request an invalid request and the Squid server considers it invalid too, so many invalid requests may reduce the performance of the server.

> On Mar 13, 2012, at 11:57 AM, mustafa alhussona wrote:
>
>> I installed Squid server and I have invalid requests, so I decided to check the traffic using Wireshark. Please can you tell me what this line means: [protocols in frame: eth:ip:tcp:http:data]
>
> It means that the packet is an Ethernet packet, containing an IP packet, containing a TCP segment, containing part or all of an HTTP request or response, and the body of the HTTP request or response is something Wireshark can't dissect, so it just shows it as data.
>
>> Please, what is the meaning of data? OK, I know the ip:tcp:http is for the HTTP request, but what does the data protocol mean?
>
> It means that Wireshark doesn't know what the contents of the HTTP request are, because it either doesn't know what the content type is or because it doesn't know how to interpret that particular content type, so it just shows it as data.
>
>> And there is a new field that describes this data; the field is called Hypertext Transfer Protocol and contains data of length 56 bytes.
>
> Yes, HTTP stands for HyperText Transfer Protocol; the 56 bytes are probably the HTTP request line and message headers.
>
>> Why is this request considered an invalid request?
>
> We'd have to see the request in order to know why it's considered invalid. If your Wireshark capture also includes the response, the response might indicate why the request is considered invalid.

*Frame 4139: 110 bytes on wire (880 bits), 110 bytes captured (880 bits)
    Arrival Time: Mar 13, 2012 11:53:02.536140000 AST
    Epoch Time: 1331628782.536140000 seconds
    Time delta from previous captured frame: 0.008177000 seconds
    Time delta from previous displayed frame: 0.008177000 seconds
    Time since reference or first frame: 51.377354000 seconds
    Frame Number: 4139
    Frame Length: 110 bytes (880 bits)
    Capture Length: 110 bytes (880 bits)
    Frame is marked: False
    Frame is ignored: False
    Protocols in frame: eth:ip:tcp:http:data
    Coloring Rule Name: HTTP
    Coloring Rule String: http || tcp.port == 80
*Internet Protocol, Src: 192.168.40.3 (192.168.40.3), Dst: 10.10.10(10.10.10.53)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 96
    Identification: 0x23e0 (9184)
    Flags: 0x02 (Don't Fragment
    Fragment offset: 0
    Time to live : 127
    Protocol : TCP (6)
    Header checksum: 0xdacd [correct]
    source 10.10.10.53 (10.10.10.53
    Destination: 192.168.40.3 (192.168.40.3)
*Transmission Control Protocol, Src Port:49869 (49869), Dst Port: http (80), seq:
    Source port: 49869 (49869)
    Destination port: http (80)
    [Stream index: 240]
    Sequence number: 1 (relative sequence number)
    [NEXT sequence number: 57 (relative sequence number)]
    Acknowledgement number: 1 (relative ack number)
    Header length: 20 bytes
    Flags: 0x18 (PSH, ACK)
    window size: 17520 (scaled)
    Checksum: 0xba28 [validation disabled]
    [SEQ/ACK analysis]
*Hypertext Transfer Protocol
*DATA (56 bytes)
    Data:0569ff24fdd6dbd18ffe4d2f2fffaa9020alae217a53923a..
    [Length: 56]
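
One way to triage a port-80 payload like the one above is to test whether it begins with a well-formed HTTP/1.x request line, which is what a proxy has to parse before it can serve the request. This is an added example, not code from the thread or from Wireshark or Squid; `check_request_line` is a hypothetical helper, `POSTED_PREFIX` is only the leading 16 bytes of the truncated Data field as posted, and the other samples are constructed.

```python
import re

# RFC 9110 "token" characters permitted in an HTTP method name.
_TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
_VERSION = re.compile(rb"^HTTP/\d\.\d$")

# Leading 16 bytes of the Data field as posted (the dump itself is truncated).
POSTED_PREFIX = bytes.fromhex("0569ff24fdd6dbd18ffe4d2f2fffaa90")
# Constructed sample: a normal proxy-style request.
GOOD_REQUEST = b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n"


def check_request_line(payload: bytes) -> str:
    """Return 'ok', or the reason the payload does not start with
    'method SP request-target SP HTTP-version CRLF'."""
    if not payload:
        return "empty payload"
    # With no CRLF present, `line` is the whole payload and `sep` is empty.
    line, sep, _ = payload.partition(b"\r\n")
    if any(b < 0x20 or b > 0x7E for b in line):
        return "non-printable bytes in request line"
    if not sep:
        return "no CRLF terminating a request line"
    parts = line.split(b" ")
    if len(parts) != 3:
        return "expected 3 space-separated fields, got %d" % len(parts)
    method, target, version = parts
    if not _TOKEN.match(method):
        return "method is not a valid token"
    if not target:
        return "empty request-target"
    if not _VERSION.match(version):
        return "bad HTTP-version field"
    return "ok"


if __name__ == "__main__":
    for name, data in (("posted prefix", POSTED_PREFIX),
                       ("constructed GET", GOOD_REQUEST)):
        print(name, "->", check_request_line(data))
```

A payload that fails the first check is binary traffic that merely uses TCP port 80; in that case the sending client at the source address, not the proxy, is the place to investigate.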